How to run a executable in ui.js file

laiba · March 6, 2024, 11:19am

Hi, i want to run a command using fs.exec_direct() in ui.js file.
i show error "Access Denied by ACL".
How i add permission for my executable fro ui.js?

jow · March 6, 2024, 11:37am

By adding an appropriate ACL definition. The most minimal one would be:

root@OpenWrt:~# cat /usr/share/rpcd/acl.d/my-package-acl.json
{
	"my-package-name": {
		"description": "Grant access to command required by my package",
		"write": {
			"file": {
				"/usr/bin/my_command --my --args 123 etc.": [ "exec" ]
			}
		}
	}
}

The /usr/bin/my_command --my --args 123 etc. key string must match the command line you're going to invoke exactly. You may use wildcards (* and ?) if needed, e.g. /usr/bin/my_command --foo * to allow executing /usr/bin/my_command with the argument --foo followed by arbitrary other arguments.

To apply the new ACL, log out and in again or issue a service rpcd reload.

laiba · March 7, 2024, 4:42am

thank you so much @jow

laiba · March 7, 2024, 5:50am

i want to run this command, in console it show done but it is not actually writing it in file.

fs.exec('/bin/echo',[res, '>> /var/log/messages']).then(console.log("**********done "));

/usr/share/rpcd/acl.d/for_ui_file.json

{
	"my-package-name": {
		"description": "Grant access to command required by my package",
		"write": {
			"file": {
				"/var/log/messages": [ "write" ],
				"/bin/echo": [ "exec" ]
			}
		}
	}
}

jow · March 7, 2024, 7:25am

Stdio redirection is a shell feature, you cannot use it directly in an argument vector. You could invoke a command like that:
ACL: "/bin/sh -c 'echo "$@" >> /var/log/messages' -- *": [ "exec" ]
Call: fs.exec('/bin/sh', ['-c', 'echo "$@" >> /var/log/messages', '--', res])

However this is very risky and prone to undesired shell code injections, it is better to ship a specialized wrapper script which only exposes the desired functionality.

Example:

root@OpenWrt:~# cat /usr/libexec/my-package-helper
#!/bin/sh

case "$1" in
--help)
  echo "Usage: $0 {--help|--append-log message}" >&2
  exit 1
;;
--append-log)
  shift
  echo "$1" >> /var/log/messages
;;
esac

Then allow access to /usr/libexec/my-package-helper --append-log * and invoke it as fs.exec('/usr/libexec/my-package-helper', ['--append-log', res])

See other existing scripts in /usr/libexec/ for inspiration, e.g.

github.com

openwrt/luci/blob/master/applications/luci-app-opkg/root/usr/libexec/opkg-call

#!/bin/sh

. /usr/share/libubox/jshn.sh

action=$1
shift

case "$action" in
	list-installed)
		cat /usr/lib/opkg/status
	;;
	list-available)
		lists_dir=$(sed -rne 's#^lists_dir \S+ (\S+)#\1#p' /etc/opkg.conf /etc/opkg/*.conf 2>/dev/null | tail -n 1)
		find "${lists_dir:-/usr/lib/opkg/lists}" -type f '!' -name '*.sig' | xargs -r gzip -cd
	;;
	install|update|remove)
		(
			opkg="opkg"

			while [ -n "$1" ]; do

This file has been truncated. show original

or

github.com

openwrt/luci/blob/master/applications/luci-app-nlbwmon/root/usr/libexec/nlbwmon-action

#!/bin/sh

case "$1" in

	backup)
		dbdir=$(uci -q get nlbwmon.@nlbwmon[0].database_directory)

		if [ ! -d "${dbdir:-/var/lib/nlbwmon}" ]; then
			echo "Unable to locate database directory" >&2
			exit 1
		fi

		exec /bin/tar -C "${dbdir:-/var/lib/nlbwmon}" -c -z . -f -
	;;

	commit)
		exec /usr/sbin/nlbw -c commit
	;;

	download)

This file has been truncated. show original

or

github.com

openwrt/luci/blob/master/applications/luci-app-mwan3/root/usr/libexec/luci-mwan3

#!/bin/sh
#
# Copyright (C) 2021 TDT AG <development@tdt.de>
#
# This is free software, licensed under the GNU General Public License v2.
# See https://www.gnu.org/licenses/gpl-2.0.txt for more information.
#

. /lib/functions.sh
. /lib/functions/network.sh
. /usr/share/libubox/jshn.sh

IIF=1000
FWMARK=2000
ID=0

usage() {
	local status="$1"
	local msg="$2"
	if [ -n "$msg" ]; then

This file has been truncated. show original

laiba · March 7, 2024, 10:14am

hi @jow i want to get username in ui.js file. i follow this

but this works for js files in view.

system · March 17, 2024, 10:16am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.